class UsersController < ApplicationController  
  before_filter :find_user,               :only => [:show, :edit,   :update, :destroy, :orders, :galleries]
  before_filter :find_list_items,         :only => [:show, :edit,   :update, :orders]
  before_filter :require_login,           :only => [:edit, :update, :orders]
  before_filter :already_logged_in?,      :only => [:new, :create]
  before_filter :require_admin,           :only => [:destroy]
  
  def index
    if params[:display] == "clients"
      @users = User.find(:all, :conditions => ['is_client = ?', true], :order => "login")
    elsif params[:display] == "admins"
      @users = User.find(:all, :conditions => ['is_admin = ?', true], :order => "login")
    elsif params[:display] == "new"
      @users = User.find(:all, :conditions => ['created_at > ?', 30.days.ago], :order => "login")
    else
      @users = User.find :all, :order => "login"
    end
  end
  
  def show
  end
  
  def new
    @user = User.new
    session[:return_to] = request.referer
  end
  
  def create
    cookies.delete :auth_token
    @user = User.new(params[:user])
    @user.save!
    (self.current_user = @user) unless logged_in? && current_user.is_admin?
    flash[:update] = "Hello #{@user.login}, thanks for signing up!"
    (flash[:update] = "The user #{@user.login} has been created") if logged_in? && current_user.is_admin?
    redirect_back_or_default('/')
  rescue ActiveRecord::RecordInvalid
    flash[:error] = 'Errors were detected, see below.'
    render :action => 'new'
  end
  
  def edit
  end
  
  def update
    params[:user][:gallery_ids] ||= []
    @user.update_attributes!(params[:user])
    flash[:update] = 'The information for this user has been updated.'      
    redirect_to user_url(@user)
  rescue ActiveRecord::RecordInvalid
    flash[:error] = 'Errors were detected, see below.'
    render :action => 'edit'
  end
  
  def destroy
    @user.destroy
    flash[:update] = 'The user has been deleted.'
    redirect_to users_url
  end
  
  def orders
  end
  
  def galleries
  end
  
protected
  def already_logged_in?
    if logged_in? && !current_user.is_admin?
      flash[:update] = "You are already logged in."
      redirect_back_or_default('/')
    end
  end
  def require_admin
    if !current_user.is_admin?
      flash[:error] = "Must be an administrator to do that, sorry."
      redirect_back_or_default('/')
    end
  end
  def find_list_items
    @galleries        = Gallery.find(:all, :order => 'created_at desc')
    @photos           = Photo.find(:all, :conditions => ['parent_id IS ?', nil], :order => 'created_at asc')
    @videos           = Video.find(:all, :order => 'created_at desc')
  end
  def find_user
    @user = User.find params[:id]
  end
  def require_login
    if !logged_in?
      flash[:error] = 'You must be logged in to do that'
      redirect_to login_url
    end
  end
  def require_authorized_user
    if logged_in? && ((current_user == User.find(params[:id])) || current_user.is_admin?)
      return true
    else
      if !logged_in?
        flash[:error] = 'You must be logged in to do that'
        redirect_to login_url
      else
        flash[:error] = 'Sorry, you\'re now allowed to see that.'
        redirect_back_or_default('/')
      end
    end
  end
end
